I think I have an ACL inheritance problem. Here’s the scenario:
$ ls -l Protocol.md ## Boo, bad permissions; shouldn’t be +x!
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md
$ ls -l Protocol.md ## Still +x! Did I stutter?
-rwxr--r--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ icacls.exe Protocol.md ## Okayyy…lots of X’s
Protocol.md NULL SID:(DENY)(Rc,S,X,DC)
MOSSYMAZE\Warren:(R,W,D,WDAC,WO)
MOSSYMAZE\Warren:(DENY)(S,X)
NT AUTHORITY\SYSTEM:(DENY)(S,X)
BUILTIN\Administrators:(DENY)(S,X)
MOSSYMAZE\Warren:(RX)
NT AUTHORITY\SYSTEM:(RX,W)
BUILTIN\Administrators:(RX,W)
Everyone:(R)
Successfully processed 1 files; Failed processing 0 files
$ icacls Protocol.md /reset ## Nuke the X’s!
processed file: Protocol.md
Successfully processed 1 files; Failed processing 0 files
$ ls -l Protocol.md ## Still +x!
-rwx---r-x+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md*
$ chmod -x Protocol.md ## Ah, *now* it will listen to me.
$ ls -l Protocol.md
-rwr--+ 1 Warren Warren 4.3K May 19 18:41 Protocol.md
$ icacls.exe Protocol.md ## Clear as mud
Protocol.md NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
MOSSYMAZE\Warren:(I)(F)
Everyone:(I)(RX)
I assume this is happening because something farther up the directory tree
keeps reapplying the +x bit to this file, but I can’t see what from the icacls
output. Is there a tool that will give me a tree view so I can see what’s
applied at each level? Failing that, do I just run icacls on every parent
directory of this file? And then what? I don’t think I dare /reset all
permissions clear back to the root.
This 2-step permission fix is getting old, because the bad permissions come
back again every time something rewrites one of the affected files.
For what it’s worth, setfacl -bk followed by a chmod -x sometimes always fixes
this. I’m just using icacls above because its output seems clearer, probably
because it’s NTFS-native, not reinterpreting everything through a POSIX lens.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple